News for Admins
Tech News
Pokémon Go Hacked by OurMine
The phenomenal success of Pokémon Go is also attracting cybercriminals. Pokémon Go experienced severe server issues on July 16; however, the company didn't mention an attack.
According to PC Magazine, the OurMine hacker group was behind the server issue. Members of OurMine said via email that they were just trying to protect the company's servers. "We wrote we will stop the attack if any Niantic staff talked with us, because we will teach them how to protect their servers," a member of OurMine told PC Magazine.
Another group called PoodleCorp is claiming responsibility for a distributed denial of service (DDoS) attack on Pokémon Go servers. They announced another planned attack for August 1, which didn't appear to happen.
The popularity of the game has raised concerns around privacy and security. Senator Al Franken (D) of Minnesota penned a letter to the game developers and expressed his concerns. He wrote, "I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
Popular blogger and Entrepreneur in Residence at Upload VR, Robert Scoble, also expressed his concerns on Facebook, "I haven't seen a single person worrying about the privacy implications of Pokémon Go. Yes, we have gone over the freaky line that Shel Israel and I laid out in our book Age of Context. Five years ago this game would have caused a huge privacy panic. This thing tracks our children. Think about that!"
Ubuntu Forums Breached Again
Canonical reported on July 14 that Ubuntu forums were breached. Attackers were able to steal usernames, email addresses, and IP addresses of more than two million users.
This is the second time Ubuntu forums have been breached. The last breach happened in 2013, when attackers stole email addresses, passwords, and members' usernames.
Despite its claims of being an open source Linux company, Canonical is running its forums on proprietary vBulletin software. But Canonical is not alone; Fedora and SUSE also use vBulletin for their forums.
Ubuntu forums were hacked because admins at Canonical didn't update the forum software. Security expert Graham Cluley wrote on his blog, "What a goof. If you don't patch the software running on your website, don't be surprised if a hacker compromises your system and makes off with your customer's data."
This is the second high-profile break-in in the desktop Linux world. The Linux Mint site was hacked earlier this year.
Zero Day UEFI Exploit Affecting Lenovo, HP, and Gigabyte Laptops
Dmytro Oleksiuk, a security researcher, has discovered a zero-day exploit for the low-level firmware found in some Lenovo laptops. Oleksiuk wrote on GitHub, "Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the newest one is T450s (with latest firmware versions available at this moment)."
According to Oleksiuk, "Running of arbitrary System Management Mode code allows the attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do other evil things."
Lenovo said in its security advisory that its Product Security Incident Response Team (PSIRT) is fully aware of a BIOS vulnerability located in the System Management Mode (SMM) code that impacts certain Lenovo PC devices.
The SMM code running on certain Lenovo laptops was provided by Independent BIOS Vendors (IBVs). Other laptop makers may also have used the same SMM code in their devices. Some researchers have already found the vulnerability in HP and Gigabyte Technology laptops.
Millions of Android Devices Affected by Chinese Malware
Check Point, an Israel-based cybersecurity firm, reports that an Android malware named HummingBad is affecting millions of devices around the globe. CNET reports that the majority of victims are from India (1.35 million) and China (1.6 million). The US is not immune to HummingBad, with over 288,800 infected devices.
This malware operates by trying to root Android devices. According to Check Point, the group manages to root hundreds of devices every day. Once rooted, the group can create a botnet and carry out targeted attacks on businesses or government agencies.
What's more worrisome is the fact that the group has close associations with Yingmob, an advertising and analytics agency based in Beijing (China).
According to Check Point, "Yingmob uses HummingBad to control 10 million devices globally and generate $300,000 per month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organizational structure, proves cybercriminals can easily become financially self-sufficient."
Google said in a statement to CNET that they are aware of this family of malware and have been improving their systems to detect it. However, Android is not the only victim; Apple's iOS has also been affected by Yingmob malware.
Apple Fixes AirPort Router Flaw
Apple has released an update that patches a nine-month-old security hole in AirPort routers. The security updates are available for AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n; also updated are AirPort Extreme and AirPort Time Capsule base stations with 802.11ac.
Apple is not disclosing much information about the flaw but wrote in a support document that "a memory corruption issue existed in DNS data parsing. This issue was addressed through improved bounds checking." Apple said that the flaw allows a remote attacker to execute arbitrary code. The flaw was discovered in January by a user named Alexandre Hélie from Montreal, according to Canadian website TVA Nouvelles. Follow the instructions at [http://www.tomsguide.com/us/apple-airport-router-patch,news-22879.html] to update the firmware on your AirPort routers.